How worrying are the changes to the Investment Advisors Act 1940 custody rule?

In the meantime, the custody industry – joined, in this case, by almost the whole of the financial services industry in the United States – is taking a much less sanguine view of another regulatory reform proposed by the SEC: a series of changes to the “custody rule” of the Investment Advisers Act of 1940 that have potentially far-reaching impacts on the custody industry. (1)

The impacts are so wide-ranging that they have generated fierce resistance in multiple quarters. The SEC faces extremely powerful groups determined to oppose the rule change. Among the most formidable are the 15,000 Registered Investment Advisors (RIAs) managing US$128 trillion on behalf of investors. They have close ties to local members of the House of Representatives throughout the United States.

The American Bankers Association (ABA) is another opponent with strong local political connections. It represents nearly 5,000 banks employing two million people, and the smaller members of the ABA fear the rule changes will cost them custody business. The Independent  Community Bankers of America (ICBA), a domestic trade organisation that represents about 5,700 small to mid-size community banks, also has a membership with close local political ties.

Opponents are working together too. In September 2023, no less than 26 trade associations signed a letter entitled “Negative Impacts of the Safeguarding Proposal on Investors, Market Participants, and the Financial Markets.” (2) For such an extensive coalition of trade groups to publicly challenge a proposal by one of their primary regulators is rare enough, but the letter included unusually forceful language as well.

The letter itemised four changes to current custodial practices – extended segregation of customer assets, a broadening of custodial responsibilities, a widening of the asset classes covered and a set of contractual obligations impossible for many firms to fulfil – that its signatories regard as unacceptable before urging the SEC not only to abandon the proposal in its current form but “to gain a better understanding of the current custodial framework.” In case the addressee (Gary Gensler) missed that last point, the authors of the letter repeat it: “Before re-proposing, the Commission should gain a better understanding of the custodial market to develop a more tailored proposal.” (3)

The wide scope of the un-tailored rule change is proved by the range of signatories, which include the trade associations of participants in the swaps and OTC derivatives, syndicated loans, real estate, commodities, life assurance, hedge fund, mutual fund and commodities industries – several of which are not even overseen by the SEC in any capacity.

Indeed, the letter implies that the SEC is asserting authority over assets and areas that are not within its powers (ultra vires rather than intra vires); that these assets and areas currently work well; and that, in many cases, the proposed changes are either duplicative of existing provisions or in conflict with existing safeguards enforced by other regulators, such as the CFTC, the Federal banking regulators and the state insurance regulators. Other comments suggest market participants believe they have solid grounds for legal action.

Finally, the House of Representatives Financial Services Committee, which approves the operating budget of the SEC, has demanded the regulator withdraw the revised custody rule. One of its sub-committees has prepared legislative proposals that will thwart agreement on the 2024 budget of the SEC if the new custody rule is adopted.

The response is so forceful that it is hard to believe the rule change can survive in its present form. While rare, such defeats for regulators are not unknown. The joint letter submitted by 12 trade associations attacking the buy-in rules proposed by the European Securities and Markets Association (ESMA) under the Central Securities Depositories Regulation (CSDR), for example, proved highly effective in arguing that ESMA did not know what it was doing: the proposed buy-in rule was withdrawn for modification in 2021, where it has remained ever since.

The SEC did indeed retreat on 30 August 2023, reopening a comment period that had closed on 8 May 2023, extending it to 30 October 2023, although the retreat was camouflaged as a technical necessity. The SEC said they needed to give RIAs more time to comment on the adoption of the private fund adviser audit rule, which requires RIAs to obtain an annual audit of the financial statements of each private fund they advise in accordance with the audit provision of the revised custody rule. (4)

So what was so obnoxious in a 432-page document dealing with the ostensively drab subject of “Safeguarding Advisory Client Assets”? Technically, it concerns the amendment of the “custody rule” (206(4)-2) issued in 1962 (5) under the Investment Advisers Act of 1940 into a new “safeguarding rule” (223-1). It is bundled up with related changes to the Rule 204-2, which governs investment adviser books and records, and the annual Form ADV completed by RIAs. The answer is that the proposed rule change introduced seven potentially sweeping changes to the way custody operates in practice.

The first is that the rule change expands the definition of “custody” substantially to include many advisory practices that are already regulated heavily - so increasing the compliance burden. Chief among the advisory practices now in scope is discretionary trading authority, where a client gives an RIA power to issue instructions to broker to execute and settle trades without seeking the authority of the client.

The SEC argues that, because granting discretionary trading authority means the RIA can secure profits and incur losses on behalf of the client, this puts the RIA into a custodial relationship with the client. This is to stretch the notion of custody to breaking point, and both the Investment Company Institute (ICI) on behalf of mutual funds and the Managed Funds Association (MFA) on behalf of hedge funds have criticised the measure as all cost and no benefit. They say circa 5,000 RIAs will find they are providing “custody” to large numbers of accounts when nothing has actually changed in the RIA-client relationship.

The second major change is the extension of the range of assets regarded as eligible for custody. The rule change proposes to extend the application of the “custody rule” from securities and funds only to encompass all positions in a client account. The new rule defines assets as “funds, securities, or other positions held in a client’s account.”

The difficulty with this extension is that “other positions” may not correspond to the accounting definition of an “asset.” A negative cash position, or a short position in a security, or an options contract that gives the holder the right to buy or sell shares in the future at an agreed price, would normally appear on the liability rather than the asset side of the client balance sheet.

Even those “positions” that can be categorised correctly as “assets” – such as cash collateral posted as security in a swap contract executed on behalf of a client, or participations in syndicated loans, or any other assets that do not fall clearly into the funds or securities categories – would be covered by the new rules. So would physical assets such as real estate, precious metals and agricultural commodities.

The new rule will also capture a form of investment currently exempt from the “custody rule”: privately held funds. An RIA might have little to do with these assets currently other than recording them on behalf of a client. But if the revised “custody rule” stands, they will need to understand each area, comply with the relevant regulations and regulators, take out additional insurance cover and possibly have to set up new technology systems and operational processes.

Many of the asset classes captured by the revised “custody rule” are already regulated by agencies other than the SEC, such as the CFTC. They also operate to well-defined and well-established rules. According to the International Swaps and Derivatives Association (ISDA), the new rule means that a “qualified custodian” (6) would need to become party to every ISDA Master Agreement (the standard bi-lateral documentation of an OTC swap agreement between the two parties) and be notified of each transaction. This is because RIAs have no competence to perform custodial duties. Such a measure clearly takes the SEC into regulatory territory already controlled by the banking regulators that supervise ISDA members, rendering it liable to annulment as ultra vires. The same is true of syndicated loans, which are also a responsibility of banking regulators.

The third change is an expansion of the liability of custodians for client assets in custody. The fact that the new rule extends the notion of assets-in-custody to include all positions in a client account obviously increases the degree of risk assumed by a custodian, which may have little control over the “positions” of a client. The change implies custodians are exposed to losses on assets which they do not control.

This was the subject of contention in Europe when, in the wake of the great financial crisis of 2007-08, the European Union sought to make custodians liable for loss of client assets that they did not actually hold in custody, such as assets rehypothecated by investment banks used by the client. Ways were eventually found to limit the liability of custodians for client assets in the Alternative Investment Fund Managers Directive (AIFMD) of the EU – essentially, liability was limited to securities and funds recorded in the name of the custodian and to assets subject to rehypothecation only when they were not being re-used – and something similar might be agreed in the case of the new safeguarding rule, but the underlying legal responsibility will remain.

In another reprise of debates in the EU after 2007-08, one aspect of the new rule that has goaded the Association of Global Custodians (AGC) in particular is the extension of liability for assets held by sub-custodian banks and central securities depositories (CSDs). In the case of sub-custodians there is already some tension, as sub-custodians are chosen by global custodians, which remain responsible for losses not reimbursed by the sub-custodian. However, there are events, such as force majeure, that can occasion losses for which a sub-custodian cannot be held responsible.

As to CSDs, in many markets global custodians are either forced to use the CSD to settle transactions, or to use a sub-custodian for the same purpose, and so cannot reasonably be held responsible for the consequences of choices that are not voluntary. The riskiness of a sub-custodian or a CSD is generally a function of country risk, and it is the investor rather than the custodian that chooses to assume country risk. Accordingly, the AGC argues, not unreasonably, investors should bear CSD risk.

The fourth change proposed by the new rule is an obligation for custodians to segregate client assets, including cash. A measure of this kind is already in effect in the United Kingdom, where the Client Money Rules administered by the Financial Conduct Authority (FCA) oblige firms to segregate client cash from money they hold in their own name. (7) But in the United States, a safeguarding rule that required “qualified custodians” to hold client cash in segregated, off-balance sheet accounts is seen as fundamentally disruptive of the core banking business of taking deposits, providing credit and facilitating payments.

Opponents also argue that segregation would slow down cash payments and the securities and funds settlement cycles, leading to higher costs for investors and other market participants, through higher funding and credit charges, increased operational risks and increased risks of trade failures. It is reported that the SEC is open to discussing how cash is actually used for settlement, and in asset servicing functions such as dividend payments, and how banks provide liquidity. Net interest margin on client cash is of course a major source of income for custodian banks.

The fifth major change presaged by the revisions to the “custody rule” is to alter the relationship between the RIA, the custodian and the underlying asset owner client. The new rule would compel RIAs to enter into contractual agreements with clients’ custodians directly. This of course runs directly counter to the longstanding structure of custody relationships, in which asset owners choose, employ and pay custodians without the RIA being party to the agreement. Instead, the asset owner delegates authority to the RIA to buy and sell securities and deliver them to and retrieve them from the custodian as necessary.

Making RIAs party to custodial arrangements is not a new idea. The SEC attempted to make a similar change in 2017 but failed. The SEC has returned to the idea because it believes agreements between RIAs and client custodians can embody a set of protections for investors. In particular, the agreement would ensure that “qualified custodians” must:

• Exercise due care and attention and implement measures to safeguard the assets of the advisory client of the RIA;

• Indemnify the advisory client for those occasions when negligence, recklessness or wilful misconduct results in the client incurring losses;

• Not be relieved of their responsibilities to an advisory client as a result of sub-custodial arrangements;

• Clearly identify an advisory client’s assets and segregate those assets from their proprietary assets;

• Ensure client assets remain free of liens in favor of a qualified custodian unless authorised in writing by the client;

• Keep certain records relating to those assets;

• Cooperate with an independent public accountant’s efforts to assess its safeguarding efforts;

• Send periodic custodial account statements directly to the RIA;

• Submit internal controls relating to custodial practices to periodic evaluation of their effectiveness; and

• Reflect an investment adviser’s agreed-upon level of authority to effect transactions in the advisory client’s account, as well as any applicable terms or limitations.

The SEC proposes that these RIA-custodian agreements be in the form of a formal written agreement for some issues, while others can be satisfied by the custodian providing “reasonable assurances” in writing to the RIA.

The sixth change occasioned by the proposed new “custody rule” is a narrowing of the range of entities that rank as “qualified custodians.” In the estimation of its opponents, the new “safeguarding rule” will impose on custodians a host of new commercial and operational requirements that will be hard or even impossible for many custodians to fulfill, disrupt a multi-layered system that works well, and narrow the range of entities willing to provide custody services. A predictable consequence of increased compliance costs is indeed usually a reduction in choice and competition and higher fees, with no benefits for intermediaries or their clients.

There was also a concern that the SEC would try to exclude State chartered banks from being “qualified custodians” in the future. This followed actions by Federal banking regulators to discourage State-licensed banks eager to custody cryptocurrencies and other digital assets (8) - but the American Bankers Association (ABA) is confident that it has already neutered that possibility.

However, there are still barriers to clear, particularly in the narrow area of digital asset custody. Digital asset custodians reckon they will need insurance policies to meet the requirements of the new Safeguarding Rule. Given that digital asset custody insurance is a still-nascent business, the seventh and final concern raised by the proposed new Safeguarding Rule is a fear that no “qualified custodian” will be able to custody certain digital assets on behalf of certain RIAs.

While the large and established global custodian banks were put under pressure by buy-side clients to safekeep cryptocurrencies, the same banks are now also under pressure from regulators not to do so. BNY Mellon is offering a limited service - Bitcoin and Ether custody only - to clients, while State Street is not offering a service at all. No major global custodian bank will offer cryptocurrency services to smaller RIAs.

This is the opportunity identified by a number of banking entities at the State level, which have secured licences as Limited Purpose Trust companies. The New York Department of Financial Services (NYDFS) has emerged as the dominant issuer in terms of both licences and AuC, although the figure is flattered by the fact that both Coinbase (the largest cryptocurrency custodian with $120 billion in AuC) and BitGo (probably the second biggest and certainly the most prominent independent cryptocurrency custodian) are both in New York.

A number of other States - South Dakota, Nevada, Washington and Wyoming – also offer Limited Trust or Special Purpose Depositary licences. Some of the recipients of these have proved less-than-robust. In June 2023, the Nevada Financial Institutions Division placed one of its licensed providers, Prime Trust, into receivership. (9) So the outlook for the average-sized RIA looking for a “qualified custodian” to comply with the new Safeguarding Rule is bleak even before the peculiarities of holding digital asset under the new rule are taken into account.

(1) Securities and Exchange Commission, 17 CFR Parts 275 and 279, Release No. IA-6240; File No. S7-04-23, RIN 3235-AM32, Safeguarding Advisory Client Assets, 15 February 2023.

(2) They are: ABA Securities Association (ABASA); American Bankers Association (ABA); Alternative Investment Management Association (AIMA); American Council of Life Insurers (ACLI); Association for Financial Markets in Europe (AFME); Bank Policy Institute (BPI); Commercial Real Estate Finance Council CREFC); Committee of Annuity Insurers; Committee on Capital Markets Regulation (CCMR); Commodity Market Council (CMC); Financial Services Forum (FSF); Financial Services Institute (FSI); Futures Industry Association (FIA); Institute for Portfolio Alternatives (IPA); Insured Retirement Institute (IRI); International Swaps and Derivatives Association (ISDA); Investment Company Institute (ICI); Loan Syndications and Trading Association (LSTA); Managed Funds Association (MFA); Money Management Institute (MMI); Nareit; National Society of Compliance Professionals (NSCP); Securities Industry and Financial Markets Association (SIFMA); Securities Industry and Financial Markets Association Asset Management Group (SIFMA AMG); The Real Estate Roundtable (RER); and the U.S. Chamber of Commerce Center for Capital Markets Competitiveness (CCMC).

(3) A copy of the letter can be found here: https://www.sifma.org/wp-content/uploads/2023/09/Negative-Impacts-of-the-Safeguarding-Propos-al-on-Investors-Market-Participants-and-the-Financial-Markets-Joint-Trades.pdf

(4) Federal Register, Safeguarding Advisory Client Assets; Reopening of Comment Period, A Proposed Rule by the Securities and Exchange Commission on 08/30/2023 at https://www.federalregister.gov/documents/2023/08/30/2023-18667/safeguarding-advisory-client-assets-reopen-ing-of-comment-period

(5) Since the “custody rule” was introduced in 1962 it has been updated only once before. This was in 2003, to take account of technical changes in custody and custody technology; it was limited in scope by comparison with the changes that could follow implementation of the new “safe-guarding rule.”

(6) For a definition of a “qualified custodian” see Future of Finance, Digital Asset Custody Guide: The Future Looks Like the Past, Issue 1, page 22. Essentially, the term “qualified custodian” refers to a bank or savings association, SEC-registered broker-dealer, CFTC-registered futures commission merchant, or certain foreign financial institutions meeting specific requirements.

(7) See https://www.handbook.fca.org.uk/handbook/CASS/7.pdf

(8) See page 15 above and footnote 31 on page 49 above. See also the story of Wyoming custodian bank Custodia on page 51 above.

(9) See Future of Finance, Digital Asset Custody Guide: The Future Looks Like the Past, Issue 1, page 9.

Investment Advisors Act 1940